CN116776333A - Method for executing a secure boot sequence of a computing unit - Google Patents

Info

Publication number
CN116776333A
Authority
CN
China
Prior art keywords
protection
memory
security module
unit
execution
Prior art date
Legal status
Pending
Application number
CN202310270471.3A
Other languages
Chinese (zh)
Inventor
J·施米林
F·施通普夫
P·珀因斯汀格
Current Assignee
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Priority date
Filing date
Publication date
Application filed by Robert Bosch GmbH
Publication of CN116776333A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F 21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F 21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F 21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/14 Protection against unauthorised use of memory or access to memory
    • G06F 12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F 12/1425 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights, the protection being physical, e.g. cell, word, block
    • G06F 12/1441 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights, the protection being physical, e.g. cell, word, block, for a range
    • G06F 2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F 2212/10 Providing a specific technical effect
    • G06F 2212/1052 Security improvement

Abstract

The application relates to a method for executing a secure boot sequence of a computing unit having: a host with a host processor; a memory; a security module; and a memory protection unit configurable by the security module, the memory protection unit being set up to selectively implement one or more of write protection, read protection and execution protection against host accesses for at least one configurable area of the memory according to a corresponding configuration. Upon start-up of the computing unit, the security module and the memory protection unit are started and write protection and/or read protection and/or execution protection is activated for the load store, i.e. the memory area in which the loader is stored. The integrity of the load store is checked by the security module. If the integrity of the load store is confirmed, the memory protection unit is configured by the security module to disable read protection and/or execution protection for the load store, and execution of the loader in the host is initiated.

Description

Method for executing a secure boot sequence of a computing unit
Technical Field
The application relates to a method for executing a secure boot sequence of a computing unit and to a computing unit for executing the method.
Background
The control device of a motor vehicle or other machine may be equipped with a security module, such as a so-called Hardware Security Module (HSM), which provides functionality for cryptographically protecting the function of the control device, in particular the execution of an application program or a computer program by the control device. For example, the authenticity of the applications may be checked before executing the applications, or the HSM may perform encryption and/or decryption of data, such as data sent from the control device to or received by another computing unit. Typically, the HSM is integrated in a microchip together with a main processor of the control device in order to ensure a high processing speed.
Disclosure of Invention
According to the application, a method for executing a secure boot sequence of a computing unit and a computing unit for executing the method are proposed, which have the features of the independent patent claims. Advantageous embodiments are the subject matter of the dependent claims and the following description.
The method comprises the following measures: with the start-up of the computing unit, the security module and the memory protection unit are started, and write protection and/or read protection and/or execution protection is activated for the load store, i.e. the memory area in which the loader is stored. The integrity of the load store is then checked by the security module. If the integrity of the load store is confirmed, the memory protection unit is configured by the security module to disable read protection and/or execution protection for the load store, and execution of the loader in the host is initiated. Because the protection functions are active while the integrity check runs, the window between the time at which the load store is checked and the later time at which the loader is started, during which an attacker could otherwise replace already-checked code (a time-of-check/time-of-use gap), is closed or at least narrowed.
The computing unit includes a host, at least one memory, a security module and a memory protection unit. The host has a host processor. The memory protection unit is configurable by the security module and is set up to selectively implement write protection and/or read protection and/or execution protection against host accesses for at least one configurable area of the at least one memory, in accordance with the respective configuration. Since the memory protection unit is configurable by the security module, memory protection can be activated dynamically for the different memory areas in which the data to be verified are located at the respective points in time. Preferably, the memory protection unit cannot be configured by the host. This is advantageous because it prevents a manipulated computer program that is already executing from bypassing the protection function, for example in order to execute a further manipulated computer program.
"Read protection" means that the data stored in the memory area cannot be read by the host. "Write protection" means that the host cannot write new data to the memory area and cannot change the data in it. "Execution protection" means that, when the data in the memory area is a computer program, the host cannot execute that program. In the present application, execution protection is typically combined with read protection. Execution protection without read protection means that the data are not interpreted by the host as machine instructions (opcodes), i.e. the memory protection unit prevents these data from being loaded into the instruction decoding unit of the host processor. In this case, reading as such remains possible, i.e. the data can still be loaded into a general-purpose data register of the host processor (outside the instruction decoding unit).
The security module is in particular a Hardware Security Module (HSM), i.e. it is essentially implemented by hardware elements (not as a software module executing in the host). The security module provides cryptographic functions which the host can use to protect security-critical functions, such as communication between several control devices or an (integrity) check of whether program code has been manipulated. For this purpose, the security module manages, in particular, secrets and/or cryptographic keys, and preferably implements the cryptographic methods in hardware. These keys are stored by the security module in an area of the host memory reserved for this purpose and/or in the security module memory, i.e. in the security module's own memory. The security module includes a processor (distinct from the host processor) and may be implemented separately from the host or integrated with the host or host processor and memory in one chip (the security module and the host are then, to some extent, formed by different processor cores on the chip). The security module is set up to check the integrity of memory areas.
For the integrity check, a function, in particular a check value function or a cryptographic hash function, is applied to the data in the memory area to be checked, and the current check value obtained is compared with a reference check value. If the two are identical, the data are considered unchanged (within the guarantees of the check value function or hash function), i.e. the integrity is confirmed. If the two differ, the data are considered changed or manipulated, i.e. the integrity is not confirmed. The reference check value may be stored, for example, in a non-volatile security module memory; it may be managed or stored by the security module. Where a plain (unkeyed) hash is used, this placement matters: the check is only meaningful if the host, and thus any manipulated program running on it, cannot rewrite the reference value along with the checked data. Suitable hash functions are, for example, those of the SHA-2 family, namely SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256, known from FIPS PUB 180-4 of NIST (National Institute of Standards and Technology; http://dx.doi.org/10.6028/NIST.FIPS.180-4) or from RFC 6234, as well as SHA-1 from the same standard. The hash value is 160 bits long for SHA-1 and 224, 256, 384 or 512 bits long for the SHA-2 family. MD5 (Message Digest Algorithm 5, RFC 1321, 128 bits) or SHA-3 (FIPS PUB 202, http://dx.doi.org/10.6028/NIST.FIPS.202; 224, 256, 384 or 512 bits, or an arbitrary length for the SHAKE variants) can likewise be used. Note that MD5 and SHA-1 are no longer collision resistant; for an integrity check that is meant to withstand deliberate manipulation rather than accidental corruption, a SHA-2 or SHA-3 function should be chosen.
Integrity checking may also be performed using a message authentication code (MAC), for example an HMAC (hash-based message authentication code) according to RFC 2104 or FIPS PUB 198-1 (http://csrc.nist.gov/publications/FIPS/FIPS198-1/FIPS-198-1_final.pdf). HMAC applies a hash function, in particular one of the cryptographic hash functions described above, twice (an inner and an outer hash) together with a key. More generally, another message authentication code (MAC) may be used, i.e. a mapping whose inputs are a key (stored by the security module, for example) and a message (the data in the memory area). The HMAC or MAC mapping of key and message to an authentication code (check value) then constitutes the check value function. Because forging the check value requires the key, a MAC remains sound even if the host can read the reference value, provided the key stays inside the security module. Other message authentication codes besides HMAC are CMAC (Cipher-based Message Authentication Code), GMAC (Galois Message Authentication Code) or SipHash.
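The check value functions described above, as an added example that is not code from the patent or from Bosch: Python's standard hashlib and hmac modules stand in for the security module's hash engine, and LOADER_IMAGE, HSM_MAC_KEY and all function names are constructed for illustration. The scenario() function also shows why the storage location of the reference value matters for a plain hash but not for a MAC:

```python
"""Integrity check of a memory area as the security module performs it.

Added example; not code from the patent or from Bosch. Python's standard
hashlib/hmac stand in for the security module's hash engine. The image
bytes, the key and every name below are constructed for illustration.
"""
import hashlib
import hmac

# Constructed stand-in for the contents of the load store (not a real loader).
LOADER_IMAGE = bytes.fromhex("e59ff018e59ff018") * 64

# Constructed key; in the real design it lives only in the security module's
# non-volatile memory and is never readable by the host.
HSM_MAC_KEY = bytes(range(32))


def check_value_hash(data: bytes, algo: str = "sha256") -> bytes:
    """Unkeyed check value (SHA-2 / SHA-3 family). Sound only when the
    reference value is stored where the host cannot overwrite it."""
    return hashlib.new(algo, data).digest()


def check_value_hmac(data: bytes, key: bytes, algo: str = "sha256") -> bytes:
    """Keyed check value (HMAC). Forging it requires the key, so it stays
    sound even if the host can read the stored reference value."""
    return hmac.new(key, data, algo).digest()


def integrity_confirmed(current: bytes, reference: bytes) -> bool:
    """Constant-time comparison: an early-exit byte compare would leak how
    many leading bytes of the reference value an attacker has matched."""
    return hmac.compare_digest(current, reference)


def tamper(image: bytes, offset: int = 17) -> bytes:
    """Flip one bit of the image (constructed manipulation of flash contents)."""
    out = bytearray(image)
    out[offset] ^= 0x01
    return bytes(out)


def scenario() -> dict:
    """Provision reference values over the genuine image, then run the check
    against the intact image, a manipulated image, and a manipulated image
    whose reference value the attacker could also rewrite."""
    # Provisioning: reference values computed and kept by the security module.
    ref_hash = check_value_hash(LOADER_IMAGE)
    ref_mac = check_value_hmac(LOADER_IMAGE, HSM_MAC_KEY)
    bad = tamper(LOADER_IMAGE)

    results = {
        "intact_hash": integrity_confirmed(check_value_hash(LOADER_IMAGE), ref_hash),
        "intact_hmac": integrity_confirmed(check_value_hmac(LOADER_IMAGE, HSM_MAC_KEY), ref_mac),
        "tampered_hash": integrity_confirmed(check_value_hash(bad), ref_hash),
        "tampered_hmac": integrity_confirmed(check_value_hmac(bad, HSM_MAC_KEY), ref_mac),
    }

    # Attacker who can also rewrite the reference value (e.g. if it sat in
    # host-writable memory): a plain hash is defeated, because the attacker
    # simply stores the hash of the manipulated image ...
    forged_ref_hash = check_value_hash(bad)
    results["forged_ref_hash"] = integrity_confirmed(check_value_hash(bad), forged_ref_hash)
    # ... while an HMAC is not: without HSM_MAC_KEY the attacker can only
    # produce a MAC under some other key, which the security module's own
    # computation under the real key will not match.
    forged_ref_mac = check_value_hmac(bad, bytes(32))
    results["forged_ref_hmac"] = integrity_confirmed(check_value_hmac(bad, HSM_MAC_KEY), forged_ref_mac)
    return results
```

scenario() returns True for both intact checks, False for both checks of the manipulated image, True for the plain hash with a forged reference and False for the HMAC with a forged reference. The algorithm name is passed through to hashlib, so the same code serves SHA-2, SHA-3 or, for the length comparison only, SHA-1.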
Preferably, with the start-up of the computing unit, write protection and/or read protection and/or execution protection is also activated for a system kernel memory area of the memory in which a system kernel program is stored. The loader causes the security module to check the integrity of this system kernel memory area, and when that integrity is confirmed, the memory protection unit is configured by the security module to disable the read protection and/or execution protection for the system kernel memory area and execution of the system kernel program in the host is initiated.
The system kernel program (e.g. an operating system) is a computer program that implements basic functions relating to the management and execution of applications. Examples of such functions are: starting and terminating applications; allocating hardware resources (computing time, space in volatile memory, etc.) to these applications; or providing interfaces for communication with external devices (other computing units, sensors, controlled components). The system kernel may also itself be or include an application, in particular where only one application is provided.
Preferably, with the start-up of the computing unit, write protection and/or read protection and/or execution protection is also activated for at least one application memory area of the memory in which at least one application is stored. The loader or, where applicable, the system kernel causes the security module to check the integrity of the at least one application memory area, and when that integrity is confirmed, the memory protection unit is configured by the security module to deactivate the read protection and/or execution protection for the at least one application memory area and execution of the at least one application in the host is initiated.
The application programs are computer programs that implement the actual functions of the computing unit. In the case of a control device, these actual functions are, for example, control functions, wherein an application receives data from a sensor or a controlled component and/or generates control signals for the controlled component. There may be only one application or there may be multiple applications. In the case of multiple applications, the above steps may be performed for each individual application of the applications. Preferably, the integrity check and initiation of the application is caused by the system kernel. In principle, it is also possible to provide: in particular when only a single application is provided, an integrity check and start-up of the application is caused by the loader.
Preferably, the memory protection unit is set up to implement, at start-up, a standard configuration in which write protection and/or read protection and/or execution protection is activated for the load store. Alternatively, and also preferably, the memory protection unit is configured by the security module, upon start-up of the security module, to activate write protection and/or read protection and/or execution protection for the load store. Preferably, in the standard configuration, write protection and/or read protection and/or execution protection is also activated for the system kernel memory area; alternatively, and also preferably, the memory protection unit is configured by the security module upon its start-up to activate these protections for the system kernel memory area. Preferably, in the standard configuration, write protection and/or read protection and/or execution protection is also activated for the at least one application memory area; alternatively, and also preferably, the memory protection unit is configured by the security module upon its start-up to activate these protections for the at least one application memory area.
These designs make it possible to activate the protection functions for the respective memory areas (load store, system kernel memory area, application memory area) effectively from the outset, in particular such that there is no intermediate period before the integrity check of a memory area during which its protection functions are not active.
Preferably, if the integrity of the load store is not confirmed, the security module does not configure the memory protection unit to disable read protection and/or execution protection for the load store, and further preferably generates and/or stores an error message. Preferably, if the integrity of the system kernel memory area is not confirmed, the security module does not configure the memory protection unit to disable read protection and/or execution protection for the system kernel memory area, and further preferably generates and/or stores an error message. Preferably, if the integrity of the at least one application memory area is not confirmed, the security module does not configure the memory protection unit to disable read protection and/or execution protection for the at least one application memory area, and further preferably generates and/or stores an error message.
These designs, which concern the case where the integrity of one of the memory areas is not confirmed, are advantageous because they reliably prevent the host from executing the corresponding computer program. The error message makes potential manipulation visible and supports error analysis, for example by identifying which computer program is affected.
Preferably, if a request for reprogramming the loader and/or the system kernel and/or the at least one application is received from a programming unit, the authenticity of the programming unit is checked by the security module, and if the authenticity is confirmed, the security module configures the memory protection unit to disable write protection for the load store and/or the system kernel memory area and/or the at least one application memory area. With this design the computer programs can be updated while the write protection otherwise remains in force.
A computing unit according to the application, for example a control device of a motor vehicle or another machine, has: a host with a host processor; a memory; a security module; and a memory protection unit configurable by the security module, the memory protection unit being set up to selectively implement one or more of write protection, read protection and execution protection for at least one configurable area of the at least one memory according to a corresponding configuration. The computing unit is set up to perform all method steps of the method according to the application.
Other advantages and embodiments of the application will be apparent from the description and drawings.
The application is schematically illustrated in the drawings and is described below with reference to the drawings according to embodiments.
Drawings
Fig. 1 illustrates a computing unit in which a method for performing a secure boot sequence may be implemented.
Fig. 2 illustrates a flow of a method for performing a secure boot sequence of a computing unit in accordance with a preferred embodiment.
Detailed Description
Fig. 1 shows an exemplary computing unit 2 in which the method for performing a secure boot sequence can be implemented. The computing unit 2, for example a control device of a motor vehicle or another machine, comprises: a host 4; a security module 6; a memory protection unit 8; a non-volatile memory 10; and optionally a volatile memory 11.
The host 4 includes: a host processor 12 having one or more processor cores; and optionally a volatile working memory 14 (RAM, random access memory). In addition to the elements shown, the host may of course comprise further elements, in particular interfaces for data communication with other elements of the computing unit and/or with elements external to it, such as sensors or controlled components of the motor vehicle or machine controlled by the computing unit. The host implements the actual functions of the computing unit 2, for example control functions in the case of a control device, by executing the corresponding computer programs (application programs).
The non-volatile memory 10, e.g. a flash memory, may store computer programs and the data required for their execution. An optional volatile memory 11 (e.g. RAM) may be provided to enable data exchange between the host and the security module, i.e. it is a shared volatile memory. As indicated by the lines, the host 4 is connected to the non-volatile memory 10 and, where present, to the volatile memory 11 for data communication. The memory 10 and, where present, the volatile memory 11 may be regarded as the host memory, which the host may access subject to the protection functions implemented by the memory protection unit 8 (see below). The data communication connections, including those of the security module, are not shown in detail here but only indicated generally by lines; they may be realised, for example, by buses and/or point-to-point connections.
The security module 6, in particular a Hardware Security Module (HSM), serves as the trust anchor of the computing unit 2. The security module 6 illustratively includes one or more processor cores 22, a volatile security module memory 22 (e.g. RAM) and a non-volatile security module memory 24. The non-volatile security module memory 24 may store cryptographic data, such as cryptographic keys or other secrets, and may also store a computer program implementing the functions of the security module. Instead of or in addition to the non-volatile security module memory 24, a protected memory area (i.e. one inaccessible to the host) may be provided in the non-volatile memory 10 for the security module's cryptographic data or computer program. In principle, the one or more processor cores 22 may also implement the security module functionality without executing a computer program (software), e.g. as a state machine. The security module 6 may further comprise additional hardware elements 26 (only one shown by way of example) implementing specific security-related or cryptographic functions, such as an error correction method (ECC, Error Correcting Code), a random number generator (RNG), a hash method, an asymmetric cryptographic method (such as RSA, Rivest-Shamir-Adleman) or a symmetric cryptographic method (such as AES, Advanced Encryption Standard). An interface (not shown in detail) is also provided for data communication with the host 4, the non-volatile memory 10, where present the volatile memory 11, and the memory protection unit 8.
The memory protection unit 8 is configurable, for example by means of a configuration register 28; the memory protection function it implements is therefore not static but dynamic. The computing unit 2 is set up such that the memory protection unit 8 can be configured only by the security module 6, for example by the security module writing the configuration into the configuration register 28. The host 4 cannot configure the memory protection unit 8 or, more generally, access its functions. It may be provided that the memory protection unit 8 adopts a standard configuration at start-up or initialisation, i.e. that it implements the memory protection function according to a predetermined standard configuration from start-up. Since configuration registers are typically volatile memory locations, this avoids an undefined memory protection state after a reset.
Memory protection may be provided for a specified (configurable) memory area, for example an area extending from a start address to an end address. Possible protection functions are read protection (r), write protection (w) and execution protection (x). A corresponding entry in the configuration register 28 may for example have the form (start address, end address, r, w, x), where the start and end addresses delimit the memory area and r, w, x are bits indicating whether the corresponding access is allowed. If the host 4 attempts to access the non-volatile memory 10 (or, where present, the volatile memory 11), the memory protection unit 8 checks whether the access is allowed (e.g. on the basis of the configuration register 28). If it is not allowed, the access is blocked, in particular by the memory protection unit 8. An exception may additionally be raised and a corresponding error-handling routine invoked, for example in the security module. Suitably, the predetermined standard configuration activates read protection and/or write protection and/or execution protection for all memory areas or for specific memory areas.
The security module 6 can access the non-volatile memory 10 (and, where present, the volatile memory 11) independently of the memory protection. That is, the memory protection concerns only host accesses to the non-volatile memory 10 (and, where present, the volatile memory 11): read protection, write protection and/or execution protection are enforced against the host.
Fig. 2 illustrates the flow of a method for performing a secure boot sequence of a computing unit according to a preferred embodiment. The diagram is divided into four columns, each relating to one element of the computing unit and showing the method steps performed in that element or its corresponding state: column 40 for the host, column 50 for the security module, column 60 for the memory protection unit and column 70 for the non-volatile memory.
In column 70, three memory areas of the non-volatile memory are shown separately: the load store 72, the system kernel memory area 74 and the application memory area 76 (the memory may of course have further areas; only a part of it is shown). The loader is stored in the load store 72, the system kernel in the system kernel memory area 74 and the application in the application memory area 76. For each area it is also shown whether a memory protection function is active: shaded areas are those in which protection is active, unshaded areas those in which it is (at least partially) deactivated.
With the start-up of the computing unit, the security module is started in step 100 and the memory protection unit in step 105. The host is likewise started, initially without executing a computer program (not shown). With the start-up, memory protection functions, i.e. read protection and/or write protection and/or execution protection, are activated for the three illustrated memory areas. For this purpose the memory protection unit may be set up to implement these protection functions automatically at start-up, in particular via a predetermined standard configuration that takes effect automatically. Alternatively or additionally, the security module may be set up to configure the memory protection unit at start-up such that read protection and/or write protection and/or execution protection is activated.
In step 110, the security module performs an integrity check of the load store 72. These memory protection functions (not shown) are preferably preserved if the integrity of load store 72 is not confirmed, i.e., if potential manipulation is identified. In addition, corresponding error messages may be generated and/or stored (e.g., in a non-volatile security module memory). Additionally, the computing unit may be turned off here.
If the integrity of load store 72 is confirmed, then in step 120, the security module configures (as indicated by the arrow) the memory protection unit to at least partially disable memory protection functions for load store 72 (step 125). In particular, the memory protection unit is configured to disable read protection and/or perform protection for load store 72. Preferably, write protection remains active. In the other two memory areas 74, 76, these memory protection functions remain active.
In step 130, the host computer begins executing the loader. For example, a message may be sent from the security module to the host indicating that the launch of the loader can be executed or caused.
In step 140, the host or a loader executing in the host causes the security module to check the integrity of the system kernel storage area 74 (e.g., by means of a corresponding request).
In step 150, the security module performs an integrity check of the system kernel storage area 74. These memory protection functions (not shown) are preferably preserved if the integrity of system kernel storage area 74 is not verified. In addition, corresponding error messages may be generated and/or stored (e.g., in a non-volatile security module memory). In addition, the computing unit may also be switched off here.
If the integrity of the system kernel storage area 74 is confirmed, then in step 160 the security module configures the memory protection unit so as to at least partially disable the memory protection functions for the system kernel storage area 74 (step 165). In particular, the memory protection unit is configured to disable read protection and/or execution protection for the system kernel storage area 74. Preferably, write protection remains active. For the application memory area 76, these memory protection functions remain active.
In step 170, the host begins executing the system kernel. For example, a message may be sent from the security module to the host indicating that the system kernel may be executed, or causing the system kernel to be started. The system kernel may be regarded as a hypervisor (e.g., an operating system) that causes execution of one or more application programs. The application program stored in the application memory area 76 is, for example, one of these (typically several) application programs.
In step 180, the host, or the system kernel executing in the host, causes the security module to check the integrity of the application memory area 76 (e.g., by means of a corresponding request).
In step 190, the security module performs an integrity check of the application memory area 76. If the integrity of the application memory area 76 is not confirmed, these memory protection functions are preferably kept active (not shown). In addition, a corresponding error message may be generated and/or stored (e.g., in a non-volatile memory of the security module). The error message may in particular be transmitted to the host or to the system kernel program, which may, for example, run a corresponding error handling routine.
If the integrity of the application memory area 76 is confirmed, then in step 200 the security module configures the memory protection unit so as to at least partially disable the memory protection functions for the application memory area 76 (step 205). In particular, the memory protection unit is configured to disable read protection and/or execution protection for the application memory area 76. Preferably, write protection remains active. If there are further application memory areas for further application programs, these memory protection functions remain active for those areas.
In step 210, the host begins executing the application. For example, a message may be sent from the security module to the host indicating that the application may be executed, or causing the application to be started. If further applications are to be started, steps 180 to 210 are repeated accordingly, with the integrity check and, where applicable, the deactivation of these memory protection functions being performed for the application memory area storing the respective application instead of the illustrated application memory area 76.
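The boot chain of steps 100 to 210, as an added example in C that is not part of the patent or of any Bosch implementation. It models the memory protection unit as a per-region protection mask that only the security module writes, and stands in for the real integrity primitive (a MAC or signature check) with a constructed FNV-1a digest compared against a reference held in security-module-only memory; the region contents, the digest function and all type and function names are assumptions. Running it with a tampered kernel image shows the fallback of steps 150/160 (and claims 7 to 9): the chain stops, the kernel and application areas keep full protection, and the loader area, already released, still keeps its write protection.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Memory areas of the patent's figure: load store (72), kernel store (74), application store (76). */
enum region { REGION_LOADER, REGION_KERNEL, REGION_APP, REGION_COUNT };

/* Protection bits the memory protection unit enforces against host accesses. */
#define PROT_READ  0x1u
#define PROT_WRITE 0x2u
#define PROT_EXEC  0x4u
#define PROT_ALL   (PROT_READ | PROT_WRITE | PROT_EXEC)

/* Memory protection unit: one protection mask per region. Only the security
 * module writes it; the host has no configuration interface (claim 11). */
struct mpu { uint8_t prot[REGION_COUNT]; };

/* A region's contents plus the reference digest kept in security-module-only memory. */
struct region_image { const uint8_t *data; size_t len; uint32_t ref_digest; };

struct security_module {
    struct mpu *mpu;
    struct region_image images[REGION_COUNT];
    char error_log[96];          /* stand-in for the non-volatile security-module memory */
};

/* Steps 100/105 and claim 4: the MPU comes up in a standard configuration in which
 * read, write and execution protection are active for every region. */
static void mpu_start(struct mpu *m) {
    for (int r = 0; r < REGION_COUNT; r++) m->prot[r] = PROT_ALL;
}

/* FNV-1a 32-bit: a constructed placeholder for the real integrity primitive
 * (a MAC or signature check), used only to keep the example self-contained. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Steps 110 / 150 / 190: the security module checks a region against its reference. */
static bool sm_check_integrity(const struct security_module *sm, enum region r) {
    const struct region_image *img = &sm->images[r];
    return fnv1a(img->data, img->len) == img->ref_digest;
}

/* Steps 120-125 / 160-165 / 200-205: on success, lift read and execution protection
 * only; write protection stays active. On failure, leave all protection in place
 * and record an error message (claims 7 to 9). */
static bool sm_release_region(struct security_module *sm, enum region r) {
    if (!sm_check_integrity(sm, r)) {
        snprintf(sm->error_log, sizeof sm->error_log,
                 "integrity check failed for region %d; protections kept", (int)r);
        return false;
    }
    sm->mpu->prot[r] &= (uint8_t)~(PROT_READ | PROT_EXEC);
    return true;
}

/* What the host may do with a region under the current MPU configuration. */
static bool host_can_execute(const struct mpu *m, enum region r) { return !(m->prot[r] & PROT_EXEC); }
static bool host_can_write(const struct mpu *m, enum region r)   { return !(m->prot[r] & PROT_WRITE); }

/* Steps 100-210 as one chain. Each stage, once running, asks the security module to
 * check the next one (steps 140, 180). Returns how many stages the host started. */
static int secure_boot(struct security_module *sm) {
    mpu_start(sm->mpu);
    int started = 0;
    for (int r = REGION_LOADER; r < REGION_COUNT; r++) {
        if (!sm_release_region(sm, (enum region)r)) break;   /* chain stops here */
        started++;                                            /* steps 130 / 170 / 210 */
    }
    return started;
}

/* ---- constructed demo data (not from the patent) ---- */
static const uint8_t k_loader[] = { 0x01, 0x02, 0x03, 0x04 };
static const uint8_t k_kernel[] = "kernel-image-v1";
static const uint8_t k_app[]    = "app-image-v1";
static uint8_t g_kernel_ram[sizeof k_kernel];   /* mutable copy so a manipulation can be simulated */
static struct mpu g_mpu;

/* Runs the boot chain against the demo images; with tamper_kernel set, the kernel
 * region is modified after the reference digests were recorded. */
static int run_demo(bool tamper_kernel) {
    struct security_module sm = { .mpu = &g_mpu };
    memcpy(g_kernel_ram, k_kernel, sizeof k_kernel);
    sm.images[REGION_LOADER] = (struct region_image){ k_loader, sizeof k_loader, fnv1a(k_loader, sizeof k_loader) };
    sm.images[REGION_KERNEL] = (struct region_image){ g_kernel_ram, sizeof g_kernel_ram, fnv1a(k_kernel, sizeof k_kernel) };
    sm.images[REGION_APP]    = (struct region_image){ k_app, sizeof k_app, fnv1a(k_app, sizeof k_app) };
    if (tamper_kernel) g_kernel_ram[3] ^= 0xFF;     /* simulated manipulation of the kernel store */
    int started = secure_boot(&sm);
    if (sm.error_log[0]) puts(sm.error_log);
    return started;
}

int main(void) {
    printf("clean boot: %d stages started\n", run_demo(false));
    printf("tampered kernel: %d stages started\n", run_demo(true));
    return 0;
}
```

The point to take from the model is the asymmetry the description insists on: an integrity failure never loosens anything, and a success lifts only read and execution protection, so the host can run a verified stage but can still not modify it.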

Claims (12)

1. A method for executing a secure boot sequence of a computing unit (2), the computing unit having: a host (4) with a host processor (12); a memory (10); a security module (6); and a memory protection unit (8) configurable by the security module, the memory protection unit being set up to: selectively implementing one or more of write protection, read protection and execution protection for host access for at least one configurable area of the memory according to a corresponding configuration,
wherein with the start-up of the computing unit the security module (6) and the memory protection unit (8) are started (100, 105) and the write protection and/or the read protection and/or the execution protection are activated for a load store (72) of a store loader of the memory;
wherein the integrity of the load store (72) is checked (110) by the security module;
wherein if the integrity of the load store is confirmed, the memory protection unit (8) is configured (120) via the security module (6) to disable (125) read protection and/or execution protection for the load store (72) and to initiate (130) execution of the loader in the host.
2. The method according to claim 1,
wherein with the start-up of the computing unit, the write protection and/or the read protection and/or the execution protection is activated for a system kernel storage area (74) of a storage system kernel program of the memory;
wherein the security module is caused (140) by the loader to check (150) the integrity of the system kernel storage area;
wherein if the integrity of the system kernel storage area (74) is confirmed, the memory protection unit (8) is configured (160) via the security module (6) to disable (165) read protection and/or execution protection for the system kernel storage area (74) and to initiate (170) execution of the system kernel program in the host.
3. The method according to claim 1 or 2,
wherein with a start-up of the computing unit, the write protection and/or the read protection and/or the execution protection is activated for at least one application storage area (76) of the memory storing at least one application;
wherein the security module is caused (180) by the loader or the system kernel to check (190) the integrity of the at least one application storage area;
wherein if the integrity of the at least one application storage area (76) is confirmed, the memory protection unit (8) is configured (200) via the security module (6) to disable (205) read protection and/or execution protection for the at least one application storage area (76) and to initiate (210) execution of the at least one application in the host.
4. The method according to any of the preceding claims,
wherein the memory protection unit (8) is designed to implement at start-up a standard configuration in which the write protection and/or the read protection and/or the execution protection is activated for the load store (72);
or wherein upon starting up the security module (6), the memory protection unit is configured by the security module to activate the write protection and/or the read protection and/or the execution protection for the load store (72).
5. The method according to claim 4, when dependent on claim 2,
wherein in said standard configuration said write protection and/or said read protection and/or said execution protection is also activated for said system kernel storage area (74);
or wherein upon starting up the security module (6), the memory protection unit is configured by the security module to activate the write protection and/or the read protection and/or the execution protection for the system kernel storage area (74).
6. The method according to claim 4 or 5, when dependent on claim 3,
wherein in said standard configuration said write protection and/or said read protection and/or said execution protection is also activated for said at least one application storage area (76);
or wherein upon starting up the security module (6), the memory protection unit is configured by means of the security module to activate the write protection and/or the read protection and/or the execution protection for the at least one application storage area (76).
7. The method according to any of the preceding claims, wherein if the integrity of the load store is not confirmed, the security module (6) does not configure the memory protection unit to disable read protection and/or execution protection for the load store, and preferably generates and/or stores an error message.
8. The method according to any of the preceding claims, when dependent on claim 2, wherein if the integrity of the system kernel storage area is not confirmed, the security module (6) does not configure the memory protection unit to disable read protection and/or execution protection for the system kernel storage area, and preferably generates and/or stores an error message.
9. The method according to any of the preceding claims, when dependent on claim 3, wherein if the integrity of the at least one application storage area is not confirmed, the security module (6) does not configure the memory protection unit to disable read protection and/or execution protection for the at least one application storage area, and preferably generates and/or stores an error message.
10. The method according to any of the preceding claims,
wherein, if a request from a programming unit is received for the loader and/or, when dependent on claim 2, for the system kernel program and/or, when dependent on claim 3, for the at least one application, the authenticity of the programming unit is checked by the security module; and
wherein if the authenticity is confirmed, the security module (6) configures the memory protection unit (8) to disable write protection for the load store (72) and/or the system kernel storage area (74) and/or the at least one application storage area (76).
11. The method according to any of the preceding claims, wherein the memory protection unit (8) cannot be configured by the host (4).
12. A computing unit (2), the computing unit having: a host (4) with a host processor (12); at least one memory (10, 11); a security module (6); and a memory protection unit (8) configurable by the security module, the memory protection unit being set up to: according to a corresponding configuration, one or more of write protection, read protection and execution protection are selectively implemented for at least one configurable area of the at least one memory, wherein the computing unit is set up to perform all method steps of the method according to any of the preceding claims.
Priority application: CN202310270471.3A (priority date 2022-03-18, filing date 2023-03-17), "Method for executing a secure boot sequence of a computing unit", pending, published as CN116776333A (en).

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
DE102022202691.8 | 2022-03-18 | - | -
DE102022202691.8A (DE102022202691A1) | 2022-03-18 | 2022-03-18 | Method for carrying out a secure start sequence of a computing unit

Publications (1)

Publication Number | Publication Date
CN116776333A (en) | 2023-09-19

Family

ID=87849388

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202310270471.3A (pending, CN116776333A (en)) | Method for executing a secure boot sequence of a computing unit | 2022-03-18 | 2023-03-17

Country Status (2)

CN (1): CN116776333A (en)
DE (1): DE102022202691A1 (en)

Also Published As

Publication Number | Publication Date
DE102022202691A1 (en) | 2023-09-21

Legal Events

Date | Code | Title | Description
- | PB01 | Publication | -